CVE-2020-4840
First published: Mon Dec 21 2020(Updated: )
IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Secret Server | =10.6 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the IBM Security Secret Server vulnerability?
The vulnerability ID is CVE-2020-4840.
What is the severity rating of CVE-2020-4840?
The severity rating of CVE-2020-4840 is high (6.1).
How does CVE-2020-4840 allow a remote attacker to conduct phishing attacks?
CVE-2020-4840 allows a remote attacker to conduct phishing attacks using an open redirect attack.
How can CVE-2020-4840 be exploited by an attacker?
An attacker can exploit CVE-2020-4840 by persuading a victim to visit a specially crafted website.
Is there a patch or fix available for CVE-2020-4840?
Please refer to IBM's support page for information on patches or fixes available for CVE-2020-4840.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm security secret server
- version/ibm security secret server/10.6
- vendor/microsoft
- canonical/microsoft windows